* Posts by Sitaram Chamarty

160 posts • joined 30 Aug 2008

Page:

NSO Group 'will no longer be responding to inquiries' about misuse of its software

Sitaram Chamarty

I wish...

the NSO chief and/or senior officers had attractive twitter handles.

NPM is Now Providing Malware – or was until recently

Sitaram Chamarty

there's supply chain attacks...

and then there's NPM, which is in a whole class by itself in terms of problems.

At least that's the impression my mind carries, from what I remember of various news items over the years. It's bad enough that I won't install any NPM or Node based software on my primary laptop.

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

Sitaram Chamarty

ETERNALBLUE jealousy

someone in China is jealous of the NSA and how they found and hoarded ETERNALBLUE!

Quantum Key Distribution: Is it as secure as claimed and what can it offer the enterprise?

Sitaram Chamarty

Re: my "QKD for managers"

good article, but interception is not the only problem. With sufficient hardware resources, Eve can implement a true MITM -- get between them and relay messages back and forth -- because QKD has no *identity* component.

Sitaram Chamarty

my "QKD for managers"

Here's what I say when a "manager" asks me about QKD:

QKD is a popular and well known method of extracting money from gullible people -- whether it is in the form of grants, startup funding, or outright "product" purchase. In keeping with "quantum" principles, the person being diddled out of his money cannot simultaneously also *know* that he's being diddled.

More seriously, here's some excellent reading for anyone thinking QKD is actually useful: https://crypto.stackexchange.com/questions/51311/what-makes-quantum-cryptography-secure/51314#51314

Reserve Bank of India warns against Big Tech's potential to dominate financial services

Sitaram Chamarty

Re: Communist struggle

> I doubt they are particularly concerned about their citizens economic wellbeing.

Let me fix that for you:

"I doubt they are particularly concerned about their citizens wellbeing."

Google tweaks Android Messages app to auto-classify or auto-delete messages

Sitaram Chamarty

Re: One time passwords

That reluctance has nothing to do with google, as the phone provider.

Banks and other such entities would have a much more expensive, and possibly even confusing to many, provisioning workflow if they moved away from SMS.

If you're wondering why TOTP would be confusing, I can only say you're extrapolating from the audience of *this* site.

Also, SMS is not so bad here. There's a rule (law? not sure) that all incoming and outgoing SMSs are blocked for 24 hours on any new SIM activation. Raises the bar quite a bit for SIM jacking attacks.

Pull your Western Digital My Book Live NAS off the internet now if you value your files

Sitaram Chamarty

saved me the trouble...

came here to say I have zero sympathy for people who have TERABYTES of data but no backups...

saw that it's already been said, and much better too!

Will the real IRC please stand up? Freenode’s forest fire leaves ashes – and fresh growth

Sitaram Chamarty

what?

no idea what you're on about man. I've never seen anything remotely like this in various channels. All tech channels though.

The non-tech stuff I suppose is another story, but even then I suspect there are gradations.

What is it with Facebook and screwing democracies? Now calls for Prime Minister Modi to resign censored in India

Sitaram Chamarty

I wish...

I wish I could say that was entirely true.

I mean, I agree it's not religion. The various religious gathering contributed only a little

But it's not caste either. Wealth and power trump caste any day, yet the Chief Minister of Telangana (KCR) and his son (KTR) are covid-positive.

I can only see elections as the primary problem. I'm also basing my opinion on a couple of very recent news items (27th April; 2 days ago):

- https://indianexpress.com/article/india/as-covid-curve-and-deaths-surged-hardly-a-blip-on-election-commission-radar-7290505/

- https://www.deccanchronicle.com/nation/current-affairs/270421/election-commission-should-be-charged-with-murder-madras-hc.html

GitLab latest to ditch 'master' as default initial branch name: It's now simply called 'main'

Sitaram Chamarty

Re: Aargh...

I like to point out that "person" has "son" in it :-)

Sitaram Chamarty

Re: In me yoof...

I believe "taking insult on other people's behalf" is more commonly called "virtue signalling" :-)

India pauses blockchain-powered SMS spam-scrubber after it swallows people's one-time login codes

Sitaram Chamarty

Re: Maybe that explains why they've made such a hash of it....

this place is peppered with comedians!

The wrong guy: Backup outfit Spanning deleted my personal data, claims Cohesity field CTO

Sitaram Chamarty

this guy is a STORAGE EXEC

wow...

unlike some of you guys, I have no sympathy for him. He definitely should know better.

Perl.com theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants

Sitaram Chamarty

a few years ago...

maybe 2014, or 2015, or thereabouts, TCS (my employer, Tata Consultancy Services) was "hacked" (1) the same way.

I'm really too lazy to look it up but I think that was also NetSol when that happened.

Looks like they haven't learnt any lessons or modified any of their processes to cover this!

----

(1) "hacked", in quotes because everyone said we got hacked and we had to go around explaining that it was actually the DNS provider that was "hacked"

Splunk junks 'hanging' processes, suggests you don't 'hit' a key: More peaceful words now preferred in docs

Sitaram Chamarty

say primary instead of master?

to avoid elitism?

well, I'm an Indian, El Reg is Brit -- in both countries, our head of government (1) is the *Prime* Minister, not the *Master* Minister.

Can you get more elitist than "the head of the entire country"?

f-ing virtue signalling corporate jackasses...

(1) the real one, not the titular one

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

Sitaram Chamarty

Re: if I did get one I would probably just delete it sight-unseen

not when "auto-retrieve" is off.

The message has not been retrieved.

Sitaram Chamarty

zero-click? I'm not so sure...

I have a 4 years old Samsung "J2-6" (if I remember the model number right). I just checked in the Messages app, and under "Multimedia Messages" I see "Auto retrieve" is off.

I'm pretty sure I would done that during a permisison sweep when I first got the phone, so granted, it may not be the default, but as it stands, I very much doubt this is "zero-click" for my phone.

And since I know *no one* who would send an MMS (with Whatsapp being near ubiquitous) if I did get one I would probably just delete it sight-unseen.

Now, if you can send this via Whatsapp... now that would be a story!

Indian Railways suffers unspecified security 'breaches in various IT applications'

Sitaram Chamarty

implications for normal people

Implications for normal people are likely to be

- non-financial data: name, age, train travel history, phone number, email address

- financial data: minimal or not at all (IMO)

It's been ages since I booked a ticket on IRCTC, but purchases in India are almost never of the "merchant knows your credit card number and has to keep it safe" type. Most people use "Net Banking", where the merchant does not know anything. It's somewhat like how the initial authentication flow of OAuth works -- you get directed from the merchant to your bank, you login there, accept the payment, and you are then sent back to the merchant, except in this case the merchant does not even know your account number in the bank, though he does know *which* bank you went to.

Devuan adds third init option in sixth birthday release

Sitaram Chamarty

telecom secor naming...

3gpp has "evolved nodeB" and "next generation nodeB".

Damned if I know which comes first!

Wells Fargo patent troll case has finance world all aquiver so Barclays, TD Bank sign up to Open Invention Network

Sitaram Chamarty
WTF?

USAA a patent troll?

I'm curious why USAA has been labelled a troll (if I connect the headline to the details correctly).

Wasn't troll supposed to denote entity that don't actually use the tech themselves in some way? I.e., a "non-practicing entity"

USAA is hardly a "non-practicing entity", in fact quite the opposite.

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

Sitaram Chamarty

Re: How is this possible?

I think he meant to include C++ in what he said.

I hear Rust is becoming very popular...

Twitter CEO Jack Dorsey says Trump ban means the service has failed

Sitaram Chamarty

Re: Screwed the pooch and knows it

@POTUS is still active. It's a *personal* account that has been deleted.

Sitaram Chamarty

Re: Screwed the pooch and knows it

They have not banned POTUS, as in the @POTUS twitter account.

They have banned Trump's personal account, which he has been using to further a far-right agenda while "serving" (and I use the word very loosely) as POTUS.

There **is** a significant difference between these two accounts in terms of the debate that Merkel and co have started, and I am appalled that they are not seeing this difference.

Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare's protocol proposals to protect privacy

Sitaram Chamarty

Re: I might be stupid but...

yes, I also thought the same (offline brute force).

However, it can *potentially* eliminate phishing -- but only with browser support I guess. It could even prevent "active MITM" -- the type of phishing that snarfs OTP codes also, from working

I'll have to refresh my memory / understanding of PAKE but if it has an internal Diffie-Hellman type component triggered by the actual password, then the man in the middle cannot learn the session key.

But all this requires browser support. Without browser support -- meaning the password entry window clearly looks different -- the user would have no way to differentiate a phishing site from the normal one.

China takes TikTok-WeChat ding-dong to World Trade Organization, accuses US, India of breaking global rules

Sitaram Chamarty

doesn't China already ban a lot of US apps?

I thought at least Whatsapp and something else are banned in China...

If true, why is no one mentioning that in this discussion?

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message

Sitaram Chamarty
Linux

hah! paranoia pays off

I've always been a paranoid bugger who runs the mail client in one userid, and 3 different browsers in 2 other userids.

If the malicious link appeared on a web page, it would hit a blank wall -- the userid that is running the browser won't find an email client running, and even if it starts one it's definitely not configured to do anything.

It's also fairly easy to setup this kind of separation in Linux; I imagine a lot of people may be doing similar things (if they're paranoid enough that is).

US senators: WikiLeaks 'likely knew it was assisting Russian intelligence influence effort' in 2016 Dem email leak

Sitaram Chamarty

Is this news?

Maybe it's "proven" now, but to most sensible people with more than Fox News as a source this was kinda assumed to be true, wasn't it?

I certainly thought Assange had a direct hand in Hilary Clinton's defeat. (I don't live in the US. My impressions are formed only from various RSS feeds of normal newspapers (if they're not paywalled) and print newspapers in India).

Linux kernel coders propose inclusive terminology coding guidelines, note: 'Arguments about why people should not be offended do not scale'

Sitaram Chamarty

Re: Pull request denied

unlikely; or at least I have given up hope.

Ironically, considering the title of this article, he actually once said "people who are easily offended, should be offended".

Sitaram Chamarty

Re: No problem with most of it, but...

"Person" has "son" in it, offensive to daughters.

Sitaram Chamarty

Re: No problem with most of it, but...

or witches (burned at the "stake")?

As a self-confessed fan of Hermione Granger, I take offense on her fictional behalf!

Devuan Beowulf 3.0 release continues to resist the Debian fork's Grendel – systemd

Sitaram Chamarty

Re: "It solves a problem that people have."

Damn; best comment I've seen about this in the whole thread (and many of the others were pretty good too, so that makes this even better!)

Remember when Republicans said Dems hacked voting systems to rig Georgia's election? There were no hacks

Sitaram Chamarty
Facepalm

what do you expect when ...

... the person in charge of *conducting* the election is also a candidate?

just as a reference, in India the election commission is completely independent of the executive and the legislature.

India releases data-use protocols for its contact-tracing app... after five weeks and 100 million downloads

Sitaram Chamarty

Re: "may be" uploaded on to an NIC server

With a government agency, "monetise" is not the main worry. It's "discriminate", "victimise", "marginalise", and several other things.

And I don't mean just "Big Brother ((C) George Orwell) Modi". I mean any government anywhere in the world, really, because that's what our world is looking like more and more.

That said, I agree with Raj in what he said about the NIC. Not sure about the other part though... sounds plausible, but then the google+apple API expressly prohibits it. What do they do that we are missing?

Facebook takes $5.7bn stake in Jio – India's largest mobile telco

Sitaram Chamarty

I've upvoted your post, because I agree with you. Mostly.

In reality though, not everyone who has "Phone Pe", "Google Pay", and similar payment apps have *internally* enabled the UPI interface, so I have several times found that what I have (the BHIM app, from NPCL -- National Payments Corp Ltd I think) does not help me pay certain merchants, and I had to resort to cash.

(I've always been a "cash" guy, always wary of digital surveillance, but my "cash preferred, Big Brother Modi stop watching what I am buying" attitude has taken a hit due to Covid-19)

India allows half of IT services workers back to the office next week

Sitaram Chamarty

Re: Good grief.

when they start saying "circle back" it's time to cut something off. Not saying what or whose...

Want to stay under the radar for a decade or more? This Chinese hacking crew did it... by aiming for Linux servers

Sitaram Chamarty
Thumb Down

Re: So, one Linux myth bites the dust

So I clicked the link.

Every single one is "risk level: low" and "wild level: low".

Existence is moot if it does not propagate.

To be clear, we're not saying Linux is invincible. As someone else mentioned, Linux encompasses all the software that runs on it (at least in people's minds). The Equifax hackers who used Tomcat bugs (if memory serves me right) could easily have written it to *also* propagate, but server to server propagation of binary exploits is not that easy (other than via hacked JS that gets included in a "partner" site).

But a thriving virus ecosystem, with almost every single unmanaged computer probably hosting at least a few, likely more, viruses? Only in Windows

India suggests cloud storage to slow the spread of coronavirus

Sitaram Chamarty
Thumb Down

making "big brother" hay while the corona sun shines

title says it all.

The percentage of transmission due to documents is probably not even measurable. Currency notes are much more likely, and despite being a hard-core "cash is king" person, I can see that would be an issue, but passport, drivers licenses, and so on? Forget it... this is just the government trying to tout a service that no privacy-minded, security-minded, person should even consider using.

Have I Been S0ld? No, trusted security website HIBP off the table, will remain independent

Sitaram Chamarty

no one is speculating on...

...what company it was that made the final cut, based on correlating with any other news stories.

I'm not into that sort of digging, but I was so sure someone would have gone into the likely names that had a recent "change in business model".

Maker of Linux patch batch grsecurity can't duck $260,000 legal bills, says Cali appeals court in anti-SLAPP case

Sitaram Chamarty

Why so many downvotes?

I don't understand why your post was downvoted so many times. I was going to write pretty much what you wrote, albeit in different words.

Whether Perens was wrong or right would depend on the actual contract. After all, since payment is involved, there has to be *some* contract above and beyond the GPL (i.e., the GPL cannot be the only contract involved). As long as that contract does not impose restrictions on the software that the client *already has*, GPL is not violated anyway.

And whether Perens was right or wrong, it was clearly an *opinion*. OSS were foolish to take it to court, and got rightfully smacked down.

I am broot: The Reg chats to French dev about Rust tool that aims to improve directory navigation

Sitaram Chamarty

Re: Really?

that's one at a time. Seeing them all, with sizes listed, sorted descending by size, and navigable, is amazing.

Pretty much what ncdu, qdirstat (GUI) or similar tools do, of course, but Windows Explorer does NOT have that natively.

Cops storm Nginx's Moscow offices after a Russian biz claims it owns world's most widely used web server, not F5

Sitaram Chamarty

Re: Meanwhile on reddit

Over on reddit and/or twitter, there appeared to be several people who said the same thing.

It's Hipp to be square: What happened when SQLite creator met GitHub

Sitaram Chamarty

Re: rebase is important and useful

If you haven't pushed it to anyone yet, rebasing to fix minor issues is perfectly fine. There's no earthly reason not to clean up a commit series before pushing it to the world. In fact, a clean commit series helps the other guys understand what you did better (e.g., rather than seeing commit 9 with something that puzzles them, not realising that commit 13 has a 1-word change that resolves that puzzle with a "doh!", they see commit 9 all correct and proper, say "good", and move on to commit 10).

Rebasing something that's already pushed is, of course, very bad. But that's no reason to ban rebase completely, which -- even if this particular articles does not indicate, this "Hipp" person definitely implements in his "fossil" product.

Sitaram Chamarty

I would love to be fly on the wall at that meeting.

If you look at his "git versus fossil" page, at https://www.fossil-scm.org/index.html/doc/trunk/www/fossil-v-git.wiki , you can see it won't be a useful conversation. Heck it might not even stay polite, though I hear the guy who wrote git is now much mellowed than in the old days ;-)

Sitaram Chamarty

Re: rebase is important and useful

Maybe not in the interview/article referred here; I was going by my memory.

So I did some digging: here you go... "Rebase Considered Harmful" -- https://fossil-scm.org/home/doc/trunk/www/rebaseharm.md

Also, https://fossil-scm.org/home/doc/trunk/www/fossil-v-git.wiki#devorg very proudly (my interpretation) says "There is no rebasing mechanism in Fossil, on purpose".

Believe me, this guy is not shy about his hatred of rebase :)

Sitaram Chamarty

rebase is important and useful

Preventing rebase on a published set of commits is one thing, denying it completely in private branches -- before they're published -- is quite another.

I do recall reading about this "fossil" a few years ago, and I do remember backing off and pretty much ignoring it after that when I saw that the lack of rebase was a point of pride for that author.

There are kinder, gentler, ways to prevent rebase on a server, such as running `git config --global receive.denyNonFastForwards true`, without throwing the baby out with the bathwater and preventing its use on developer-local clones.

The Feds are building an America-wide face surveillance system – and we're going to court to prove it, says ACLU

Sitaram Chamarty

mandatory watching for everyone

Person of Interest, especially seasons 4 and 5

Flak overflow: Barrage of criticism prompts very public Stack Overflow apology

Sitaram Chamarty

people who get offended...

I know Linus himself has (supposedly, allegedly, reportedly!) mellowed, but I very much like, and agree with his famous quote about offending people: “I like offending people, because I think people who get offended should be offended.”

https://www.goodreads.com/quotes/8455149-i-like-offending-people-because-i-think-people-who-get

I don't mean (and I don't think he meant) that it should be practiced at every opportunity, but I'm sure we all know people who deserve that applied to them.

Clutching at its Perl 6, developer community ponders language name with less baggage

Sitaram Chamarty
Angel

doesn't matter who hates it...

...because God himself used it to create the world.

https://xkcd.com/224 (and don't be misled by the title tag!)

Fraught 'naut who sought consort's report says: I was up to naught, I will thwart fault tort

Sitaram Chamarty
Thumb Down

generally, yes (for example the limerick about bitbucket was awesome).

This particular headline... not so much! Looked a little desperate; did not "flow" as smoothly as some of the others I have seen before.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021